The final OAuth secured .NET API code sample, which returns mock investments data:
- The API takes finer control over claims-based authorization to enable security with good manageability.
- The API uses structured logging and log aggregation, for the best supportability.
The API can run as part of an OAuth end-to-end setup, to serve my blog's UI code samples.
Running the API in this manner forces it to be consumer-focused to its clients:
The API's clients are UIs, which get user-level access tokens by running an OpenID Connect code flow.
For productive test-driven development, the API instead mocks the authorization server:
A basic load test fires batches of concurrent requests at the API.
This further verifies reliability and the correctness of API logs.
You can aggregate API logs to Elasticsearch and run Technical Support Queries.
- Install a .NET 8+ SDK.
- Also install Docker to run integration tests that use Wiremock.
Then run the API with this command:
./start.shAdd these domains to your hosts file to configure DNS:
127.0.0.1 localhost api.authsamples-dev.com login.authsamples-dev.com
Then call an endpoint over port 446:
curl -k https://api.authsamples-dev.com:446/investments/companiesThen configure Operating system trust for the root CA at ./certs/authsamples-dev.ca.crt.
Stop the API, then re-run it with a test configuration:
./testsetup.shThen run integration tests and a load test:
./integration_tests.sh
./load_test.sh- See the API Journey - Server Side for further information on the API's behaviour.
- See the Overview Page for further details on how to run the API.
- See the OAuth Integration Page for some implementation details.
- The API uses C# and .NET.
- Kestrel is the HTTP server that hosts the API endpoints.
- AWS Cognito is used as the default authorization server.
- The jose-jwt library manages in-memory JWT validation.
- The project includes API deployment resources for Docker and Kubernetes.